Can I monitor connections to open ports?

VoxelMints

Can I monitor connections to open ports?

Post by VoxelMints »

I block all ports in my firewall, except those necessary for visiting websites.

Is there a way to monitor what ports a program tries to use so I can open them?

Thanks for the help.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
WharfRat

Re: Can I monitor connections to open ports?

Post by WharfRat »

Try watch netstat -tanp
trytip

Re: Can I monitor connections to open ports?

Post by trytip »

VoxelMints wrote: Tue Jan 15, 2019 6:44 pm I block all ports in my firewall, except those necessary for visiting websites.
Thanks for the help.
i don't understand why you need open ports for websites. the only ports i allow are for file transfers with nitroshare and dukto which i share files through the wireless router.

which websites need open ports?

also you'll find out that they may be closed or undetected. go to https://www.grc.com/x/ne.dll?bh0bkyd2 click proceed, then enter a range of ports to test for open/closed status. under "You may select any service from among those listed above . . ." put a range of ports that includes your open something like 34560-34570 (the site will only test 64 ports at a time. 10 is good enough in the range 60 would take too long to confirm)
VoxelMints

Re: Can I monitor connections to open ports?

Post by VoxelMints »

It seems I struggle with wording my questions clearly. That's my fault. :(

I have Incoming and Outgoing connections set to reject. I open ports 53 for DNS, and 443 for HTTPS so I'm able to visit websites.

I decided to drop the idea, it was proving too difficult to open ports for individual programs with restricted firewall settings like mine. I'll try the suggestions mentioned here. Thanks for the help.
phd21

Re: Can I monitor connections to open ports?

Post by phd21 »

Hi VoxelMints,

I just read your post and the good replies to it. Here are my thoughts on this as well.

+1 for WharfRat's reply...
VoxelMints wrote:I open ports 53 for DNS, and 443 for HTTPS so I'm able to visit websites.
You do not need to open (allow incoming, add firewall rules) on those ports for your system to work normally like visiting websites unless you are running your own DNS server or your own web server or web server apps. The typical user just needs to turn on (enable) the Linux firewall. If you add some Internet-enabled applications that require adding firewall rules they should say so in their instructions or want to access other computers on a network, or for accessing your computer remotely with certain applications, then you will have to add firewall rules.
VoxelMints wrote:I have Incoming and Outgoing connections set to reject.
Not necessary. With the firewall enabled, all incoming is rejected by default and you need outgoing to access the Internet.

How to Check for Open Ports in Linux - Make Tech Easier
https://www.maketecheasier.com/check-open-ports-linux/

Code:

sudo netstat -atup
I have found it interesting and sometimes necessary to check what ports my system is using with the firewall turned off temporarily to improve my Internet security and to see what certain applications like some media servers are using so I can add firewall rules for ports they need to use so they will work properly (if they did not provide all the required firewall ports information).

Hope this helps ...
Last edited by phd21 on Wed Jan 16, 2019 2:44 pm, edited 1 time in total.
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
VoxelMints

Re: Can I monitor connections to open ports?

Post by VoxelMints »

phd21 wrote: Wed Jan 16, 2019 1:09 pm
VoxelMints wrote:I open ports 53 for DNS, and 443 for HTTPS so I'm able to visit websites.
You do not need to open (allow incoming, add firewall rules) on those ports for your system to work normally like visiting websites unless you are running your own DNS server or your own web server or web server apps. The typical user just needs to turn on (enable) the Linux firewall. If you add some Internet-enabled applications that require adding firewall rules they should say so in their instructions or want to access other computers on a network, or for accessing your computer remotely with certain applications, then you will have to add firewall rules.
Yes, I allow ports 53, and 443 only outgoing access, and it works fine. I decided to set outgoing connections to "allow" on a per application basis as a solution. I'm still considering the advice mentioned here though.
trytip

Re: Can I monitor connections to open ports?

Post by trytip »

when you open gufw (firewall) you will see in the report tab what is using the internet connections.
VoxelMints

Re: Can I monitor connections to open ports?

Post by VoxelMints »

I noticed the report tab wouldn't show Firefox connected or its open ports. It's probably because the ports Firefox uses were already opened. But it would be nice if it showed everything opening a port.

I'm very paranoid about knowing what process is using the internet. And I miss this functionality in Linux Mint so far.
phd21

Re: Can I monitor connections to open ports?

Post by phd21 »

Hi trytip, VoxelMints, etc...
trytip wrote:when you open gufw (firewall) you will see in the report tab what is using the internet connections.
Thanks. I never noticed that reports tab in the Linux firewall before and it even allows you to add a firewall rule for an application listed automatically entering in the port as well. I had to click its "pause" button so that it would stop continuously updating itself.

To: VoxelMints: The firewall reports tab shows my Slimjet browser but not everything else I am using. And you still have the commands like "sudo netstat -atup".
trytip

Re: Can I monitor connections to open ports?

Post by trytip »

in Terminal (maximized to get a better output)

Code:

sudo netstat -atnp | grep ESTABLISHED | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
for all connections including local

Code:

sudo netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
Hoser Rob

Re: Can I monitor connections to open ports?

Post by Hoser Rob »

I think there may be some Linux beginner confusion about Windows v Linux here. Linux doesn't leave unused network ports open by default like Windows does. This is one of the reasons it's so much more secure than Windows.

For example, I've done distro hopping on my old netbook in the past. A few times, after reinstalling I forgot to turn on the firewall at first. I did this for a month once. This is on a machine that I don't use at home, just out and about in cafe etc hotspots. I NEVER got hacked. How many milliseconds would that have taken in Windows?
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
VoxelMints

Re: Can I monitor connections to open ports?

Post by VoxelMints »

trytip wrote: Mon Jan 21, 2019 5:09 pm in Terminal (maximized to get a better output)

Code:

sudo netstat -atnp | grep ESTABLISHED | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
for all connections including local

Code:

sudo netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
Hoser Rob wrote: Tue Jan 22, 2019 8:12 am I think there may be some Linux beginner confusion about Windows v Linux here. Linux doesn't leave unused network ports open by default like Windows does. This is one of the reasons it's so much more secure than Windows.
I can't seem to run netstat or lsof commands with sudo because I use a user account, not an admin account. Using an "admin" account means I need to log in with the same password that is used to make "sudo" system changes which makes me nervous.

I disabled Cups, and Avahi, I think I'm covered on the networking side. Samba is not installed by default.
trytip

Re: Can I monitor connections to open ports?

Post by trytip »

VoxelMints wrote: Tue Jan 22, 2019 5:07 pm I can't seem to run netstat or lsof commands with sudo because I use a user account, not an admin account. Using an "admin" account means I need to log in with the same password that is used to make "sudo" system changes which makes me nervous.
you can still run the command without sudo but you will only get connection info for the current user. the root connections won't be displayed.

Code:

netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
VoxelMints

Re: Can I monitor connections to open ports?

Post by VoxelMints »

trytip wrote: Wed Jan 23, 2019 12:56 am
VoxelMints wrote: Tue Jan 22, 2019 5:07 pm I can't seem to run netstat or lsof commands with sudo because I use a user account, not an admin account. Using an "admin" account means I need to log in with the same password that is used to make "sudo" system changes which makes me nervous.
you can still run the command without sudo but you will only get connection info for the current user. the root connections won't be displayed.

Code:

netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
Cool, thanks trytip.
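
An added example, not posted by anyone in this thread: the netstat pipelines above print one line per connection, and the sketch below reduces the same `netstat -atnp` output to the remote ports each program connects out to, which is the list needed when outgoing traffic is rejected by default. The function names and the sample output are constructed; counting SYN_SENT attempts and treating any connection on a listening local port as inbound are choices made here.

```shell
#!/bin/sh
# Added example: summarise `netstat -atnp` output per program and remote port.

# Constructed sample in the layout printed by net-tools `netstat -atnp`.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 192.0.2.20:22           192.0.2.7:51514         ESTABLISHED -
tcp        0      0 192.0.2.20:48212        198.51.100.10:443       ESTABLISHED 2301/firefox
tcp        0      0 192.0.2.20:48214        198.51.100.11:443       ESTABLISHED 2301/firefox
tcp        0      0 192.0.2.20:39110        198.51.100.7:80         ESTABLISHED -
tcp        0      1 192.0.2.20:51022        203.0.113.9:8883        SYN_SENT    3120/syncapp
tcp6       0      0 :::1716                 :::*                    LISTEN      1877/kdeconnectd
tcp6       0      0 2001:db8::20:1716       2001:db8::7:40022       ESTABLISHED 1877/kdeconnectd
EOF
}

# Reads netstat output on stdin, prints "program proto remote_port count".
outbound_ports() {
    awk '
    # Port is whatever follows the last colon (works for IPv4 and IPv6).
    function port(addr) { sub(/.*:/, "", addr); return addr }
    $1 !~ /^tcp/ { next }                      # skip the two header lines
    { proto[NR] = $1; lport[NR] = port($4); rport[NR] = port($5)
      state[NR] = $6; prog[NR] = $7 }
    $6 == "LISTEN" { listening[port($4)] = 1 } # local ports that accept connections
    END {
        # Second pass, because LISTEN lines may come after the connections.
        for (i = 1; i <= NR; i++) {
            if (state[i] != "ESTABLISHED" && state[i] != "SYN_SENT") continue
            if (lport[i] in listening) continue    # inbound to a local service
            name = prog[i]
            sub(/^[0-9]+\//, "", name)             # drop the "PID/" prefix
            if (name == "-") name = "unknown"      # socket of another user, run without root
            count[name " " proto[i] " " rport[i]]++
        }
        for (k in count) print k, count[k]
    }' | sort
}

# Demo on the constructed sample; live use: netstat -atnp 2>/dev/null | outbound_ports
sample_netstat | outbound_ports
```

Lines reported as `unknown` are the connections that show `-` in the program column when netstat runs without root.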
VoxelMints

Re: Can I monitor connections to open ports?

Post by VoxelMints »

If I remember correctly with Mint 19 I used to open port 53, 443, and 80. And my programs connected fine.

Has anything changed with how Mint 19.1 handles program connections recently?